Hijacking Safari 4 Top Sites with Phish Bombs

It is extremely important to keep your software updated, particularly your web browser. By way of example, consider older versions of the Safari Browser.

One of the features of Safari is the “Top Sites” function, which stores a user’s favorite and most visited web sites. Prior to version 4.0.3 though, the “Top Sites” function was able to be exploited.

This exploit allowed a malicious user to use JavaScript to replace the link for a user’s favorite website. By doing so, the user would unknowingly believe they were going to check the score of the big game but instead the link would execute malicious code.

One way to mitigate this risk, which is also a good security practice, is to minimize the amount of automatic settings in your browser. In this instance, do not allow Safari to automatically add links to your “Top Sites”. Instead, configure the browser to only allow manual additions.

As we stated above, this vulnerability is a perfect example of why users must keep their software updated. Software companies are continually looking for ways to make their product more appealing. Sometimes though, this convenience comes at the expense of security and privacy.

Stay alert, remain vigilant, keep aware of the latest risks, and remind your users of the importance of security and best practices.